By Paul Howard
For many organizations, the need to add to or introduce security in order to meet regulatory compliance is seen as a serious burden being imposed upon them with no defined advantages. This article examines security from all angles and exposes how it can be perceived as an asset and/or a burden to an organization.  

The chances of travelers losing sensitive data riding on laptops, mobile devices, or USB drives are running high today for anyone who doesn't effectively encrypt their data.

By Chris Smith

We usually think of encrypting data as a way to protect it from hackers and criminals, but did you ever consider that the U.S. federal government can now search your laptop without probable cause?

The increasingly heavy reliance on a highway as dangerous as the Internet can mean only one thing: The practice of encrypting everything is likely just over the horizon.

By Chris Smith

The Internet just in the past year has become a dangerous place indeed. This is ironic since during that same year, more people than ever are using the Internet for a growing list of purposes from personal dating to bill paying. Apart from hard statistics that document the increase in malware and phishing schemes, it seems every time I run a virus check lately, I find something has latched onto my system. With identify theft and data loss/leakage on the rise and compliance regulations directing us to follow ever-better security practices, the days of allowing data to remain unencrypted may soon be coming to a close.

Bytware's use of QR Codes on its promotional literature at COMMON challenges the widespread U.S. use of a more primitive barcode technology.

By Chris Smith

Have you ever stood in front of the self-serve checkout scanner in the supermarket trying to get your cookies to be read by the barcode scanner? Personally, I admire the brave souls who take anything more than a small number of items to the self-serve counter. Sometimes you can scan in everything you are buying, and sometimes you can't. Of course, that's why there is an attendant standing in the middle between the rows of scanners: to help. At least, I hope that's why she's there and not because store management thinks people will cheat and skip scanning an item or two.

By Chris Smith

Worried about viruses, worms, hackers, spam, and unwanted Web content? IBM released a new security appliance this week that promises to simplify and fortify small business networks.

The proper management of security starts way before and goes way beyond technical decisions. Technical decisions are extremely important for proper information security management, but they are neither the starting point nor the most important decisions related to effective information security management.

Yet most organizations treat information security as a purely technical issue. This, in my opinion, is why we keep seeing major incidents at large and familiar organizations (e.g., TJX). Not until high-level management understands that security is primarily a business issue and begins to assert its proper role in the security process will the state of affairs in information security begin to change. Only when this happens will it be possible to ensure the appropriate execution of the other roles. The objective of this article is to support this assertion and to describe the security business process needed to make meaningful improvements in the management of information security in the entire industry.